CommonPopup

Short Title

Title

Description

HashTag

Date

Main Image:

Drop a file here or browse to upload

* Accept image file type .bmp, .jpeg, .jpg or .png only
Image are not able to be deleted after selected any image.

English Title

Chinese Title

Description

The Securities and Futures Commission (SFC) has released the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading in 27th October 2017 after the two-month consultation last year.

The guideline defines 20 baseline requirements for all licensed or registered persons who are engaged in internet trading to enhance the cyber security resilience and to reduce and mitigate hacking risks. These requirements focus on the internet trading security and the service provider’s security approach which include two-factor authentication, data encryption, network infrastructure and architecture, system configurations, and business contingency planning etc. The key dates for implementing corresponding requirements would be as early as the 27th April 2018.

Internet trading makes people’s lives easier. Yet, immature security awareness and data protection provide an open door for the hackers to interrupt the application services or even blackmail the victims with the encrypted database for return. Hence, we may find that cyber security incidents are being reported from time to time. To name a few, cyber crime that involves market-making activities and trader profited from hacked brokerage accounts.

Government Computer Emergency Response Team Hong Kong processed 6,506 security incidents in 2017 with a 7% increase of 2016. In fact, hackers targeted the companies or organizations which owned a large amount of data with system vulnerabilities and loopholes as their first priority. The recent cyber attack against the travel agencies in Hong Kong would be a good example to illustrate the practice of the hackers who held the database with personal information and were seeking for payout.

Online trading becomes an essential in the financial and banking industry, SFC, acting as the regulatory of securities and futures in Hong Kong, sees the need to govern the security controls for internet trading activities. Although the production cost may increase and the regulations make the transaction procedure more complex to the end-user, it is important to promote information security as technology is  widely applied in today’s world, and to protect end-users’ interest while minimizing the business loss.

In order to understand the existing security level, companies may consider conducting regular I.T. security audits and technical testings. Thus, system and network deficiencies can be identified and remediate actions can be taken such as monitoring approach and incident respond enhancement. It is always a key to prevent any security incident before it happens. Let’s nip it in the bud.

HashTag

Date

Short Title

Title

Description

HashTag

Date

Main Image:

Drop a file here or browse to upload

RELATED IMAGES

DETAILS

Regulated Internet Trading To Reduce Hacking Risks

The Securities and Futures Commission (SFC) has released the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading in 27th October 2017 after the two-month consultation last year.

The guideline defines 20 baseline requirements for all licensed or registered persons who are engaged in internet trading to enhance the cyber security resilience and to reduce and mitigate hacking risks. These requirements focus on the internet trading security and the service provider’s security approach which include two-factor authentication, data encryption, network infrastructure and architecture, system configurations, and business contingency planning etc. The key dates for implementing corresponding requirements would be as early as the 27th April 2018.

Internet trading makes people’s lives easier. Yet, immature security awareness and data protection provide an open door for the hackers to interrupt the application services or even blackmail the victims with the encrypted database for return. Hence, we may find that cyber security incidents are being reported from time to time. To name a few, cyber crime that involves market-making activities and trader profited from hacked brokerage accounts.

Government Computer Emergency Response Team Hong Kong processed 6,506 security incidents in 2017 with a 7% increase of 2016. In fact, hackers targeted the companies or organizations which owned a large amount of data with system vulnerabilities and loopholes as their first priority. The recent cyber attack against the travel agencies in Hong Kong would be a good example to illustrate the practice of the hackers who held the database with personal information and were seeking for payout.

Online trading becomes an essential in the financial and banking industry, SFC, acting as the regulatory of securities and futures in Hong Kong, sees the need to govern the security controls for internet trading activities. Although the production cost may increase and the regulations make the transaction procedure more complex to the end-user, it is important to promote information security as technology is widely applied in today’s world, and to protect end-users’ interest while minimizing the business loss.

In order to understand the existing security level, companies may consider conducting regular I.T. security audits and technical testings. Thus, system and network deficiencies can be identified and remediate actions can be taken such as monitoring approach and incident respond enhancement. It is always a key to prevent any security incident before it happens. Let’s nip it in the bud.